Can not convert String to Secure String for use in New-ADUser

I'm using Primal Forms Community Edition to create a GUI that will stream line our new student creation process for our secretaries. In the lower level schools the students use their birthdays as their passwords so they're easy to remember.

I have a Text Entry Box that is labeled as the "Birthday" Field. What I'm looking to do is take that field and use it for -AccountPassword in New-ADUser. However, no matter what I try I always get this error when trying to create a new user with my script.

New-ADUser : Cannot bind parameter 'AccountPassword'. Cannot convert the "System.Security.SecureString" value of type
"System.String" to type "System.Security.SecureString".
At C:\Users\pomeroyt\Google Drive\Work\Scripts\Powershell\student_creation_gui.ps1:377 char:12
+ New-ADUser @User
+ ~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-ADUser], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.NewADUser

The Code I'm using looks like this.

$password = $dob.text | ConvertTo-SecureString -AsPlainText -Force
$user = @{
Description = "Student"
UserPrincipalName = "$[email protected]"
Name = "$lname.text, $fname.text"
SamAccountName = "$username"
Surname = "$lname.text"
GivenName = "$fname.text"
EmailAddress = "$email"
HomeDrive = H:
HomeDirectory = "\\$server\Students\$yog\$username"
ScriptPath = "$script"
ChangePasswordAtLogon = 0
CannotChangePassword = 1
PasswordNeverExpires = 1
AccountPassword = "$password"
Enabled = 1
Path = "OU=$yog,OU=$group,OU=STUDENTS,DC=domain,DC=local"
}
New-ADUser @User

I'm really at a loss here because everything I've seen says that what I'm doing should work

Edit --

The solution below did resolve the password issue. However, I didn't realize that I was actually seeing additional issues with my code.

I turned on -verbose to see what was happening and discovered that the Name field was not outputting correctly. When putting "$lname, $fname" for Name = it resulted in the full output of $lname for some reason. I created a new string called $name and set it to = $lname.text+", "+$fname.text.

Now Name = $name and the command fires as expected.

Change

AccountPassword = "$password"

to

AccountPassword = $password

If you have quotes around the variable, it is taken as a regular string instead of a secure string. Proof:

$plainText = "Plain text"
$secureString = ConvertTo-SecureString $plainText -AsPlainText -Force
$quotedSecureString = "$secureString"
$plainText.GetType()
$secureString.GetType()
$quotedSecureString.GetType()

results in

IsPublic IsSerial Name BaseType
-------- -------- ---- --------
True True String System.Object
True False SecureString System.Object
True True String System.Object

I experienced the same issue as OP where the secure string would be parsed as a string instead. Benjamin's response seems solid so I tested it out by running:

```
$plainText = "Plain text"
$secureString = ConvertTo-SecureString $plainText -AsPlainText -Force
$quotedSecureString = "$secureString"
$plainText.GetType()
$secureString.GetType()
$quotedSecureString.GetType()
```

In both terminal and PowerShell.

[Benjamin's Code][1]

However, my attempt contains an environmental variable instead (I am building a docker container) which appears to react differently.

```
$env:SVCUSER="testuser"
$env:SVCPASS="testpass"
$env:SITENAME="test.com"
$env:SecurePass=ConvertTo-SecureString $env:SVCPASS -AsPlainText -Force
New-LocalUser -Name "$env:SVCUSER" -Password $env:SecurePass -Description "$env:SITENAME Site User"
```

This results in the same error as OP.

```
Cannot bind parameter 'Password'. Cannot convert the "System.Security.SecureString" value of type "System.String" to type "System.Security.SecureString".
```

[My similar code (and the error)][2]

To resolve this issue I needed to use what I assume to be a local script variable as opposed to an environmental one:

```
$env:SVCUSER="testuser"
$env:SVCPASS="testpass"
$env:SITENAME="test.com"
$SecurePass=ConvertTo-SecureString $env:SVCPASS -AsPlainText -Force
New-LocalUser -Name "$env:SVCUSER" -Password $SecurePass -Description "$env:SITENAME Site User"
```

I suppose that makes sense since writing as an environment variable would mean that (albeit secure) string is there until those variables are reset.

When I analyse the types of the first and second method's output (i.e. local and environmental variable) I can see that the two have different types, just as the error alluded:

[Working with local variables][3]

For future reference I am using Powershell 5.1.19041.1. I know they are changing quite big functions with PS so it could be that this changes in future. It's probably for the best that it didn't in my case!

[1]:

[2]:

[3]: